
Thread: What's a BackDoor?

  1. #1
    Junior Member
    Join Date
    Apr 2004
    Posts
    18

    What's a BackDoor?

    Hi all

    What is a Backdoor?
    How does it work?
    How to find out if a backdoor is present in the system? Both Unix and Windows.

    Stay Tuned

  3. #3
    Senior Member
    Join Date
    May 2003
    Posts
    407
    A backdoor is basically a very generic term for a way for an intruder to get into another system. It can work in a number of ways, either being left in code, or a trojan, etc. Well, your last question is a little tougher. If the backdoor is a trojan, then chances are it will show up on a virus scan. But if it is embedded in the code of a legitimate app (wasn't there one in Red Hat a couple years ago, Piranha or something?) then you might have a problem, because it will be a little harder to find. Google it. Sorry, I gotta go to school.


    slick
    "Look, Doc, I spent last Tuesday watching fibers on my carpet. And the whole time I was watching my carpet, I was worrying that I, I might vomit. And the whole time, I was thinking, 'I'm a grown man. I should know what goes on my head.' And the more I thought about it... the more I realized that I should just blow my brains out and end it all. But then I thought, well, if I thought more about blowing my brains out... I start worrying about what that was going to do to my goddamn carpet. Okay, so, ah-he, that was a GOOD day, Doc. And, and I just want you to give me some pills and let me get on with my life." -Roy Waller

  5. #5
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    It's the same as a house. A house has a front door. This door is usually well protected and locked. The backdoor is sometimes left open.

    But seriously it's a small program that listens on a certain port and it gives the bad guys a way to enter your system without being blocked by the normal security measures.

    There's a way to find out what port is 'listening'. You can use the same command on *nix and Windows:

    netstat -an

    Look for ports that have the status LISTEN.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  7. #7
    Senior Member
    Join Date
    May 2004
    Posts
    107
    So, if I see some suspicious IP as LISTENING, how do I stop it?

    1 more total newbie question:
    What do you mean by LISTENING, TIME_WAIT, ESTABLISHED, and CLOSE_WAIT?
    XNikon
    please don't visit www.BusyTalk.com

  9. #9
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Originally posted here by XNikon
    So, if I see some suspicious IP as LISTENING, how do I stop it?
    It depends what is listening. On Windows you'll need a utility called fport. On FreeBSD (maybe Linux too) you can use the command sockstat. Both commands will tell you the process that is listening on that port.


    1 more total newbie question:
    What do you mean by LISTENING, TIME_WAIT, ESTABLISHED, and CLOSE_WAIT?
    These are the states a TCP connection can be in.

    http://support.microsoft.com/default...;EN-US;q137984
    http://www.faqs.org/docs/iptables/tcpconnections.html
    Oliver's Law:
    Experience is something you don't get until just after you need it.
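
The netstat check described in posts #5 and #9, as an added example that is not part of the original thread: it parses `netstat -an` output in both the Unix and Windows layouts, tallies the TCP states, and reports listening ports that are not on an expected-ports baseline. The sample output, the addresses, the baseline sets and the function names are all constructed for illustration.

```python
import re
from collections import Counter

# Constructed samples (not captured from a real host). The Unix one mixes
# Linux "addr:port" and BSD "addr.port" styles on purpose.
UNIX_SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:22           198.51.100.7:51234      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.9:40022      TIME_WAIT
tcp6       0      0 :::80                   :::*                    LISTEN
tcp4       0      0 *.6200                  *.*                     LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
"""
WINDOWS_SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:50123          0.0.0.0:0              LISTENING
  TCP    192.0.2.20:49712       198.51.100.7:443       CLOSE_WAIT
  UDP    0.0.0.0:500            *:*
"""

def parse_tcp(text):
    """Return (local_address, port, state) for every TCP line."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or not f[0].lower().startswith("tcp"):
            continue  # headers, UDP (which has no state), blank lines
        # Unix prints Recv-Q/Send-Q counters before the local address.
        i = 3 if f[1].isdigit() else 1
        m = re.search(r"[:.](\d+)$", f[i]) if len(f) > i + 2 else None
        if not m:
            continue
        # Windows says LISTENING, Unix says LISTEN; normalise to one name.
        state = "LISTEN" if f[i + 2] == "LISTENING" else f[i + 2]
        rows.append((f[i][:m.start()], int(m.group(1)), state))
    return rows

def unexpected_listeners(text, allowed_ports):
    """Listening TCP ports that are absent from the baseline set."""
    return sorted({port for _, port, state in parse_tcp(text)
                   if state == "LISTEN" and port not in allowed_ports})

def state_counts(text):
    """How many TCP sockets are in each state."""
    return Counter(state for _, _, state in parse_tcp(text))

if __name__ == "__main__":
    print(unexpected_listeners(UNIX_SAMPLE, {22, 80}), state_counts(UNIX_SAMPLE))
    print(unexpected_listeners(WINDOWS_SAMPLE, {135}), state_counts(WINDOWS_SAMPLE))
```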
